I hereby claim:
- I am pe3zx on github.
- I am pe3z (https://keybase.io/pe3z) on keybase.
- I have a public key ASAzdu1UrrjqePFimVAWvDNJqtUxpCoFSsWtBMrZCR1V1go
To claim this, I am signing this object:
pe3zx pe3zx
pe3zx
/ MAZE_Group_1.json
Last active
October 9, 2020 13:50
MAZE Tactics and Techniques for ATT&CK Navigator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "MAZE Group 1", | |
| "version": "2.2", | |
| "domain": "mitre-enterprise", | |
| "description": "", | |
| "filters": { | |
| "stages": [ | |
| "act" | |
| ], | |
| "platforms": [ |
pe3zx
/ malware_carriers_hunting.yar
Last active
October 13, 2019 07:39
Extracted YARA rules from BlackHat USA 2019 talk "Worm Charming - Harvesting Malware Lures for Fun and Profit"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // any Office document with macros. | |
| rule macro_hunter | |
| { | |
| strings: | |
| $ole_marker = {D0 CF 11 E0 A1 B1 1A E1} | |
| $macro_sheet_h1 = {85 00 ?? ?? ?? ?? ?? ?? 01 01} | |
| $macro_sheet_h2 = {85 00 ?? ?? ?? ?? ?? ?? 02 01} | |
| condition: | |
| new_file and ( | |
| tags contains "macros" or ( |
pe3zx
/ disable_windows_defender.bat
Last active
December 25, 2023 10:27
Disable Windows Defender on Windows 10 1903
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! | |
| rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference | |
| rem To also disable Windows Defender Security Center include this | |
| rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f | |
| rem 1 - Disable Real-time protection | |
| reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import binascii | |
| import struct | |
| from ctypes import Union, Structure, c_int, c_long, c_ushort, c_uint, c_short | |
| from collections import namedtuple | |
| from pprint import pprint | |
| # struct timestamp_entry { | |
| # unsigned short version; /* version number */ | |
| # unsigned short size; /* entry size */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost *:443> | |
| ServerName misp.local | |
| DocumentRoot /var/www/MISP/app/webroot | |
| <Directory /var/www/MISP/app/webroot> | |
| Options -Indexes | |
| AllowOverride all | |
| Order allow,deny | |
| allow from all | |
| </Directory> |
pe3zx
/ keybase.md
Last active
January 31, 2022 03:20